commit 4168c905943f7f715182180b9f7c8cda54af2514
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Apr 2 18:56:48 2026 +1100

    depend

commit f8b9d694fc20349b6c48a4af03a0499dea00f5f9
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Apr 2 18:55:50 2026 +1100

    Update versions in RPM spec files

commit 5aa09926fbf050d484a79717fadec8360c5c5645
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:52:15 2026 +0000

    upstream: adapt to username validity check change
    
    OpenBSD-Regress-ID: d22c66ca60f0d934a75e6ca752c4c11b9f4a5324

commit eb3a5bb2abd4798ff546564eb2210d188efaf0f1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:51:12 2026 +0000

    upstream: openssh-10.3
    
    OpenBSD-Commit-ID: 05e22de74e090e5a174998fa5799317d70ad19c4

commit 76685c9b09a66435cd2ad8373246adf1c53976d3
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:50:55 2026 +0000

    upstream: move username validity check for usernames specified on
    
    the commandline to earlier in main(), specifically before some contexts where
    a username with shell characters might be expanded by a %u directive in
    ssh_config.
    
    We continue to recommend against using untrusted input on
    the SSH commandline. Mitigations like this are not 100%
    guarantees of safety because we can't control every
    combination of user shell and configuration where they are
    used.
    
    Reported by Florian Kohnhäuser
    
    OpenBSD-Commit-ID: 25ef72223f5ccf1c38d307ae77c23c03f59acc55

commit fd1c7e131f331942d20f42f31e79912d570081fa
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:48:13 2026 +0000

    upstream: correctly match ECDSA signature algorithms against
    
    algorithm allowlists: HostKeyAlgorithms, PubkeyAcceptedAlgorithms and
    HostbasedAcceptedAlgorithms.
    
    Previously, if any ECDSA type (say "ecdsa-sha2-nistp521") was
    present in one of these lists, then all ECDSA algorithms would
    be permitted.
    
    Reported by Christos Papakonstantinou of Cantina and Spearbit.
    
    OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86

commit 487e8ac146f7d6616f65c125d5edb210519b833a
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:42:16 2026 +0000

    upstream: when downloading files as root in legacy (-O) mode and
    
    without the -p (preserve modes) flag set, clear setuid/setgid bits from
    downloaded files as one might expect.
    
    AFAIK this bug dates back to the original Berkeley rcp program.
    
    Reported by Christos Papakonstantinou of Cantina and Spearbit.
    
    OpenBSD-Commit-ID: 49e902fca8dd933a92a9b547ab31f63e86729fa1

commit c805b97b67c774e0bf922ffb29dfbcda9d7b5add
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:39:57 2026 +0000

    upstream: add missing askpass check when using
    
    ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis
    Vasileiadis
    
    OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a

commit 78d549857e0cc480c3cbb0a3571078920e3b79c5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Apr 2 07:38:14 2026 +0000

    upstream: Fix possible sshd crash when sshd_config set MaxStartups
    
    to a value <10 using the single-argument form of MaxStartups (e.g.
    MaxStartups=3). This doesn't affect the three-argument form of the directive
    (e.g. MaxStartups 3:20:5).
    
    Patch from Peter Kaestle via bz3941
    
    OpenBSD-Commit-ID: 1ad093cae69f55ebfdea1ab24318aefd593d63b8

commit 5d72f1865b95ebfd99ea7baa8f6f2a4b721d151e
Author: Damien Miller <djm@mindrot.org>
Date:   Thu Apr 2 18:32:00 2026 +1100

    properly bail out when PAM changes username
    
    OpenSSH doesn't support PAM changing its conception of the
    username via a module calling pam_set_item(h, PAM_USER, ...).
    We were supposed to bail out here, but I messed up while "fixing"
    this last time and dropped a return statement.
    
    Reported by Mike Damm

commit fe86c39751d38eb9e9b03ace1e31aa4586ea6660
Author: Michael Forney <mforney@mforney.org>
Date:   Wed Apr 1 12:09:00 2026 +1100

    avoid k suffix in dd count operand in sftp-resume test
    
    Not all dd implementations support this. POSIX only specifies
    suffixes for block size operands.
    
    Instead, just use 1024k to avoid the special case. This also removes
    an incorrect redirection operator that appeared in the 1m case.

commit 52c01f2a8019002c70cfd93be87ff9adee1d0e73
Author: Michael Forney <mforney@mforney.org>
Date:   Tue Mar 31 12:54:22 2026 +1100

    add missing <stdio.h> include to unit tests for printf
    
    This fixes the build with --without-openssl on musl. glibc worked
    previously because it got stdio.h implicitly through resolv.h.

commit 1340d3fa8e4bb122906a82159c4c9b91584d65ce
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 30 21:58:44 2026 +1100

    Add proxyjump.sh omitted from previous commit.

commit 607bd871ec029e9aa22e632a22547250f3cae223
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 30 07:19:02 2026 +0000

    upstream: add a regression test for ProxyJump/-J; ok dtucker
    
    OpenBSD-Regress-ID: 400dc1b5fb7f2437d0dfbd2eb9a3583dafb412b3

commit 55fc7bfd1d3a46f4856fd68f09da60d901fac626
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Mar 24 12:31:35 2026 +0000

    upstream: Use ~/.shosts for Hostbased test.
    
    OpenBSD-Regress-ID: ab64fd0a86422df1eadacde56c0a2cff5d93425d

commit 445db5cb620d73c9af1f1791c523aaf3d2236854
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Mar 24 10:21:14 2026 +0000

    upstream: Ensure known_hosts file exists when setting up.
    
    OpenBSD-Regress-ID: 92721cad4c219fe62b7b795a73505c22e56f09e0

commit 2ecfcc0aae651621535e345a1c23ff6d2a9593c9
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Mar 23 09:53:52 2026 +0000

    upstream: Check if host keys exist before adding them, and expand
    
    on the warning about modifying the system config.
    
    OpenBSD-Regress-ID: 68038da909f9c992375b7665dab0331d6af426b7

commit 5576e260a0f9836ca55c8279e342c63d1a0851d1
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Mar 23 09:09:36 2026 +0000

    upstream: Add special handling of
    
    TEST_SSH_HOSTBASED_AUTH=setupandrun.
    
    This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable
    hostbased authentication to/from itself and run the hostbased tests.  It
    won't undo these changes, so don't do this on a system where this matters.
    
    OpenBSD-Regress-ID: ae5a86db1791a2b8f999b07b5c8cc756d40bf645

commit 0a0ef4515361143cad21afa072319823854c1cf6
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 30 07:18:24 2026 +0000

    upstream: apply the same validity rules to usernames and hostnames
    
    set for ProxyJump/-J on the commandline as we do for destination user/host
    names.
    
    Specifically, they are no longer allowed to contain most characters
    that have special meaning for common shells. Special characters are
    still allowed in ProxyJump commands that are specified in the config
    files.
    
    This _reduces_ the chance of shell characters from a hostile -J
    option ending up in a shell execution context.
    
    Don't pass untrusted stuff to the ssh commandline, it's not intended
    to be a security boundary. We try to make it safe where we can, but
    we can't make guarantees, because we can't know the parsing rules
    and special characters for all the shells in the world, nor can we
    know what the user does with this data in their ssh_config wrt
    percent expansion, LocalCommand, match exec, etc.
    
    While I'm in there, make ProxyJump and ProxyCommand first-match-wins
    between each other.
    
    reported by rabbit; ok dtucker@
    
    OpenBSD-Commit-ID: f05ad8a1eb5f6735f9a935a71a90580226759263

commit b62a6cfbed3481dac8bff35fab22cf489bb0b77f
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sun Mar 29 01:08:13 2026 +0000

    upstream: switch from int to long long for bandwidth calculations;
    
    fixes rate display when rate > 2GB/s; based on patch from Cyril Servant
    feedback/ok deraadt@
    
    OpenBSD-Commit-ID: 071eb48c4cba598d70ea3854bef7c49ddfabf8d3

commit 54443b8665c9c29ea0e3f5a5176d8f3c3403ad7c
Author: Damien Miller <djm@mindrot.org>
Date:   Sun Mar 29 16:43:59 2026 +1100

    depend

commit c90f46b6230826cdadacd6c32b62b0f8106a09da
Author: Damien Miller <djm@mindrot.org>
Date:   Sun Mar 29 16:42:33 2026 +1100

    use nonnull attribute when available
    
    Set this attribute on a few strings to avoid compiler warnings from
    -Wunterminated-string-initialization warnings in recent gcc.

commit bdaf65ae51d62c6cb676bd341cc34217c1b24920
Author: Damien Miller <djm@mindrot.org>
Date:   Sun Mar 29 16:24:59 2026 +1100

    fix state confusion between PAM and privsep code
    
    Commits b9a6dd4d6 and df2b28163 introduced a potential desynchronisation
    between the PAM code and the sshd-session monitor that could result in
    authentication bypass if the unprivileged sshd-auth process had been
    compromised.
    
    Reported by Ben Edelman of NIST. Only git HEAD is affected, these
    changes have not yet been included in an OpenSSH release.

commit 6eb5a68c42a587df802d3d9a19088671269ffca8
Author: Laurent Chardon <laurent.chardon@gmail.com>
Date:   Sat Mar 28 04:22:54 2026 -0400

    openbsd-compat: reword EAI_NONAME error string
    
    Reword the EAI_NONAME message in fake-rfc2553.c to make it
    clearer and grammatically correct.
    
    While there, remove a couple of stray periods from other error
    strings to keep the messages consistent.
    
    No functional change.

commit fd7d4b2b52deaf296b06d78b85c97fdae31912e8
Author: Icenowy Zheng <uwu@icenowy.me>
Date:   Sun Mar 22 15:13:31 2026 +0800

    seccomp sandbox: allow riscv_hwprobe syscall if present
    
    The development branch of zlib-ng now contains code for utilizing
    riscv_hwprobe syscall to retrieve availability information for several
    RISC-V extensions (and accelerate deflate algorithm with them).
    
    As the seccomp sandbox of OpenSSH will raise SIGSYS for filtered out
    syscalls, this will abruptly terminate the process when the
    riscv_hwprobe syscall is tried.
    
    Put it into the allowlist to prevent process termination. As all
    syscalls here are guarded by #ifdef's, the same will be done for
    riscv_hwprobe, and thus on non-RISC-V builds nothing will happen.
    
    Signed-off-by: Icenowy Zheng <uwu@icenowy.me>

commit fd5018fbeb6e91ae4321490c2825ecc632b83748
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 28 05:16:18 2026 +0000

    upstream: ensure c->local_window doesn't underflow during updates;
    
    similar to checks performed elsewhere. From Renaud Allard
    
    OpenBSD-Commit-ID: 4827c10807936e9ab9af2cf1c7379e1f56dbdeac

commit 8331cb9daafd23391de4379e9977ff159bb8242e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 28 05:10:25 2026 +0000

    upstream: fix base16 parsing; currently unused. From Renaud Allard
    
    OpenBSD-Commit-ID: 3f6e5d4c6a2550d5a7e3c33bcd895b7f8e42196b

commit 21ecb5fd72ee442a8b1eb5011c7f929ba8ce02f9
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 28 05:07:12 2026 +0000

    upstream: mention that RevokedKeys is read by the server at each
    
    authentication time and should only ever be replaced atomically.
    
    OpenBSD-Commit-ID: eeedf5a10331ac4e39fbd2fc41e4a11c38b2ef9b

commit c5182e3f06f9f1fd86d62b9dcd0397408dd698da
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Sat Mar 28 05:06:16 2026 +0000

    upstream: fix potential hang if /etc/moduli doesn't contain the
    
    requested DH group values; from 77c9ca, ok dtucker@, markus@
    
    OpenBSD-Commit-ID: 1bf402cdb8876237c280ac77fbf7fafd2c16c5ae

commit d3efbba14fda78ed7b15fbc34cf34c1cf27d1716
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Mar 19 17:57:26 2026 +1100

    Add a VM-based test for OpenBSD-current.

commit 4bb4f1601e0776e71cfca50aae3680eb0771e2d0
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Mar 23 17:50:40 2026 +1100

    Add a Valgrind test of the PAM config.

commit 12da685dfc98b14dddb5977a1fc52d06474f3308
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Thu Mar 19 17:52:54 2026 +1100

    Upstream tests don't use the config file.

commit 2ca6eef69d7dbecfd67cede25ea6a9aa1074ba3e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 23 01:33:46 2026 +0000

    upstream: clarify that Authorized(Keys|Principals)(File|Command)
    
    are only consulted for valid users.
    
    clarify that TOKENS are expanded without sanitisation or escaping
    and that it's the user's responsibility to ensure their usage is
    safe.
    
    prompted by bz3936; feedback/ok deraadt@
    
    OpenBSD-Commit-ID: cd58abad1137346ba2dee55fa9ebb975f5fa7a06

commit 443616ce9070d370c97271347e91fcfd24b5df84
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Mar 19 02:36:28 2026 +0000

    upstream: repair ssh-keysign after pledge changes; spotted/tested
    
    by naddy@ ok deraadt@
    
    OpenBSD-Commit-ID: fccc6c7994c8f45c4417efe490d23154d9caaa6d

commit 552a5c786b60a9cfe0d2c157dd18f78950529513
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Mar 11 09:10:59 2026 +0000

    upstream: Check return values of fcntl(... O_CLOEXEC)
    
    calls by reusing the macro in monitor.c.  Flagged by Coverity CID
    901297 in ssh-sk-client.c, a few other instances added for good measure.
    begrudging ok deraadt@
    
    OpenBSD-Commit-ID: b9de92e17ac0b04348770e5a25cb15a02b416926

commit 24168275e6d0b29cf2233c3f2c1d4a4614feb582
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Mar 11 09:04:17 2026 +0000

    upstream: Fix potential 1-byte array overrun
    
    in the case where read() returns exactly 100 bytes.  Flagged by Coverity
    CID 901296, ok djm@
    
    OpenBSD-Commit-ID: 66a96b08166e63dcbeed00297c33f09c4f22c1f7

commit 70a41262839a2d65ca8ef9e8ea34ad471c52afa1
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Mar 10 07:27:14 2026 +0000

    upstream: whitespace
    
    OpenBSD-Commit-ID: b16d2b4a96406538fa181053926cba44abca7f29

commit ef98b6014bc3268e904092894ffcb63022172a97
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Tue Mar 10 06:35:29 2026 +0000

    upstream: when unveils error out, use correct variable
    
    OpenBSD-Commit-ID: 6b496c10965e70413a9916a8823839c553c6b2c4

commit beba5884dfe8cc30aadef439af5e5d784b5788b1
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Tue Mar 10 03:45:01 2026 +0000

    upstream: When execve() failure is indicated on the pipe, replicate
    
    the same error conditions as the previous access() check did ok djm
    
    OpenBSD-Commit-ID: 875a77dddf0809a3501de2b913cb3bfd4b64f3f7

commit 2a9e1aadaa20a05430bddc30853fbd3449083a4d
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Mar 10 03:40:26 2026 +0000

    upstream: unveil ssh-pkcs11-helper too; fixes breakage spotted by
    
    anton@
    
    If SK/P11/askpass is overridden by environment, only unveil the requested
    path and not both the requested one and the default.
    
    feedback/ok deraadt@
    
    OpenBSD-Commit-ID: 84356c6a44f35e66fe73fc1524a7c8e908521eb2

commit 46eb7dc5a6f312f99437ebdcf04f0f2c03aa570b
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Sat Mar 7 18:35:43 2026 +0000

    upstream: With its own daemonization / fd cleaning code, ssh-agent
    
    opens /dev/null O_RDWR after a pledge without "wpath".  This is allowed in
    current pledge because "/dev/null" is implicitly allowed to be opened even
    with the most restrictive pledges or unveils.  This is a design decision in
    pledge made at the very beginning, to satisfy libc requirements.  We've
    finally had enough experience and know how to fix that in the near-future,
    but need to review and fix all code which opens these implicit paths. The fix
    is to add "wpath", so that "/dev/null" can be opened O_RDWR. But that is
    uncomfortable, so we add unveil() allowing "/" with "r", 4 unveil "x" for the
    potential askpass and helpers to be execve'd, and "/dev/null" with "wr".  As
    a result filesystem access is substantially more restricted than before, and
    ssh-agent is ready for the future pledge change. ok djm dtucker
    
    OpenBSD-Commit-ID: f223b11d2db3c0b14e53c1de59966dd5f372a977

commit b75bf339eae6115c544bdcefa0d67a6dcc971ec5
Author: deraadt@openbsd.org <deraadt@openbsd.org>
Date:   Sat Mar 7 18:27:52 2026 +0000

    upstream: Stop doing access() before execve(). It is a TOCTOU, but
    
    also it forces use of unveil "rx" instead of "x". This is done by using a
    pipe() through the fork+execve attempt to expose execve failure and create
    the same error return as the access() used to do. ok djm dtucker
    
    OpenBSD-Commit-ID: f9ee96e20352f35dc6f39127e0cc6b804700200a

commit 73888af650f0ce27cd93797f3e351b2d1b670550
Author: Damien Miller <djm@mindrot.org>
Date:   Tue Mar 10 14:43:30 2026 +1100

    stubs for OpenBSD unveil(2)

commit 4e15f7fc0c0ba897c227350eee1462d635ab32a6
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 6 07:06:45 2026 +0000

    upstream: Move OpenBSD CVS ID marker to top of file to avoid conflicts
    
    when syncing changes to portable.
    
    OpenBSD-Regress-ID: 6b7a9ef354e13e26ed474e98d04ec1d74e56e54e

commit 2df416dff1a1d5fb31598b7ce8fb5cb6b0f64fd3
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Mar 6 06:57:33 2026 +0000

    upstream: Replace u_intXX_t types with the equivalent C99 uintXX_t
    
    types to match similar change to the main ssh code.
    
    OpenBSD-Regress-ID: a62b6499f784f75a4fcb865aebb83f5936917a91

commit e067ccd6b4306ca6422d94ff7ddd231cbddd43cb
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Mar 5 05:44:15 2026 +0000

    upstream: ssh-agent supports a "query" extension that allows a
    
    client to request a list of extensions it supports. This makes this capability
    available to ssh-add via the -Q flag.
    
    ok markus@
    
    OpenBSD-Commit-ID: f211630568ff1a7d6bb4983a94f05ddac1c2d4eb

commit 4fe278629c3f792628ea71132ba4fcbb9ceaa6b7
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Mar 5 05:40:35 2026 +0000

    upstream: With IANA codepoints for draft-ietf-sshm-ssh-agent now
    
    allocated, it's safe to start using the standard names for requesting agent
    forwarding over the @openssh.com extension names we've used to date.
    
    Support for the standard names is advertised via EXT_INFO. When the
    client sees such support it will use the new names preferentially,
    but the existing names remain supported unconditionally.
    
    ok markus@
    
    OpenBSD-Commit-ID: 1ab4a0b4de01e81a432875c2b7e5f7357e231af3

commit 511f5bc41aeca7f6ee6611e9b24d48e4dd6ae3d5
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Thu Mar 5 05:35:44 2026 +0000

    upstream: correctness wrt draft-ietf-sshm-ssh-agent:
    
    extension requests should indicate failure using
    SSH_AGENT_EXTENSION_FAILURE rather than the generic SSH_AGENT_FAILURE
    error code. This allows the client to discern between "the request
    failed" and "the agent doesn't support this extension".
    
    ok markus@
    
    OpenBSD-Commit-ID: d15d89f210cc973271d68147f09550163df731c9

commit 2a387ba37452971747d2f00db7d4c18b4f2c45ed
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Mar 3 09:57:25 2026 +0000

    upstream: Replace all remaining instances of u_intXX_t types with the
    
    C99 equivalent uintXX_t types.  ok djm@
    
    OpenBSD-Commit-ID: d9b81151266adb129574ce268af49f14ac23e65b

commit bb781f02d4efd178e329a62a838962bee16e3e9b
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Mon Mar 2 02:40:15 2026 +0000

    upstream: Move banner exchange to sshd-auth process
    
    Previously, exchange of the initial SSH- banners was performed
    by the privileged sshd-session monitor. This moves it to the
    unprivileged sshd-auth subprocess, removing ~200 LoC from the
    monitor's privileged attack surface.
    
    The monitor gains a new "setcompat" RPC to allow sshd-auth to
    inform it of bug compat flags picked up from the client's banner.
    
    feedback dtucker@, ok markus@ deraadt@
    
    OpenBSD-Commit-ID: d767eb1183630d754d521d9f0d84a6c72fbe7fc8

commit b50b881b17ab15e34b5e57b159b65f2a02725798
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Mar 1 09:46:39 2026 +1100

    Try -lstdc++ for libcrypto before giving up.
    
    BoringSSL recently added destructors to libcrypto, which requires
    linking against libstdc++, so when checking for a working libcrypto if
    at first the link fails, try again with -lstdc++ before giving up.

commit c26d90e5ad05372b63dbb8727cb6c23a6505a2fb
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Mar 1 09:41:39 2026 +1100

    Remove BoringSSL rpath as it's statically linked.

commit c65f4d2586416274e92720c9e1e745422e182488
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Feb 24 01:50:51 2026 +0000

    upstream: Use fmprintf instead of logit for challenge-response name and
    
    info to preserve UTF-8 characters where appropriate.  Prompted by github
    PR#452, with & ok djm@.
    
    OpenBSD-Commit-ID: e6361242329ec6925571478f60f4739726aad308

commit acf749756872d7555eca48514e5aca6962116fb2
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 24 11:28:11 2026 -0500

    Add AWS-LC and BoringSSL as potential libcryptos.

commit c25254d1516df5e57affc0e391ed6ead8267b637
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 24 11:16:11 2026 -0500

    Add self-hosted status to main README now it's public.

commit 5da0ccec2b5806f104913465b62fea475b2e15bb
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Tue Feb 24 11:10:16 2026 -0500

    Remove anchor to specific release notes version.

commit d7a9cd696a316c71e4c16f4158dc516b94abd863
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 23 21:34:48 2026 -0500

    Remove potentially leftover include compat shims.
    
    If we don't need a specific shim, ensure it does not exist.  Prevents
    confusion if configurations change or the directory is reused across
    different platforms.

commit c940e709ae2155a4614bc3709e393d88fdddabde
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 23 20:54:55 2026 -0500

    Check regress passwd is set before enabling kbdint.

commit 4ed5f9ecca9ed867c9f1040a3425af35f0703675
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Tue Feb 24 00:39:59 2026 +0000

    upstream: Remove leftover debugging.
    
    OpenBSD-Regress-ID: e778d76b21696a14db80f31b9e79601f2d7a9abf

commit a07a53b00e9aeadb420336783d219be012d88ba1
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 23 15:22:10 2026 -0500

    Activate kbdint test on PAM configs.

commit 5f98660c51e673f521e0216c7ed20205c4af10ed
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 18 12:39:31 2026 -0500

    Install libaudit-dev for --with-audit=linux test.

commit c9fcea8865b255d4b7566b28dce4af348d2bfbd6
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 18 11:22:37 2026 -0500

    Enable BSM audit test on FreeBSD VMs.

commit f1a9628cd7e415ce14e157d80c10b61514a22d13
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 18 10:59:02 2026 -0500

    Move BSM audit test to selfhosted runner.
    
    The vmactions VM on Github does not have the required libraries
    installed.

commit 97e8e66219d036404ae656060f0e0179b61f0614
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 18 10:51:09 2026 -0500

    Increase riscv64 test coverage.
    
    The machine running the tests has been replaced with a faster one.

commit e5e18432a27b909aa2194ef0b28a5d49f0e6b3a6
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 18 10:49:35 2026 -0500

    Whitespace fix.

commit b0463306174941274a1f96eb705618e036832920
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 18 09:48:55 2026 -0500

    Add test coverage for all of the --audit= configs.

commit 84206bde8adbef2dfe4f5b97dd23399827015333
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Feb 18 03:04:12 2026 +0000

    upstream: same treatment for remote/remote copies (i.e. scp -3):
    
    adjust permissions on destination directory only if we created it or -p was
    requested. bz3925
    
    OpenBSD-Commit-ID: d977006df7b8330e06ceaa319383b347f1aca3ef

commit c3631567d9f77c2d073764e4b40f249687f4083e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Feb 18 02:59:27 2026 +0000

    upstream: when uploading a directory using sftp/sftp (e.g. during a
    
    recursive transfer), don't clobber the remote directory permissions unless
    either we created the directory during the transfer or the -p flag was set.
    bz3925 ok dtucker@
    
    OpenBSD-Commit-ID: d66f40d01de05c9ec4029fab5413325301039b3a

commit 2b0f4a72bd87bef7cc9f0a1889cfc98545cbb158
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Tue Feb 17 21:45:07 2026 +0000

    upstream: make IPQoS first-match-wins in sshd_config as it's
    
    intended to be bz3924
    
    OpenBSD-Commit-ID: 42753eb8400ab09713c69ace6fa8bfdde133f942

commit 0e35095babe04ba1159e8029133e7f71e53d8fdb
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Mon Feb 16 23:47:06 2026 +0000

    upstream: remove duplicate includes; ok dtucker@
    
    OpenBSD-Commit-ID: 6b9191bc1a0f4320c926d5ccd9f36b09f0f3bcaf

commit 9eb778cfde5bca1d84bbad74d8664256301bb13b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 16 18:58:04 2026 -0500

    Restore utf8.h removed earlier as it's needed.
    
    ... for msetlocale prototype.

commit 723b76c8a358875cd53376c9a169887ba7a4b088
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Mon Feb 16 18:32:41 2026 -0500

    Removed duplicate includes; spotted by jsg@.

commit df2b28163ac75e023837de445d6492dc57359105
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 15 14:16:56 2026 -0500

    Remove "draining" of PAM prompts.
    
    With the previous commit, both prompts and info/error messages are
    returned to keyboard-interactive immediately and none are accumulated, so
    there will never be any un-drained prompts.  ok djm@

commit b9a6dd4d66ee14577494d550b396d0452bf05e1e
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Tue Oct 17 04:27:32 2023 +0200

    auth-pam: Immediately report interactive instructions to clients
    
    SSH keyboard-interactive authentication method supports instructions but
    sshd didn't show them until a user prompt was requested.
    
    This is quite inconvenient for various PAM modules that need to notify
    a user without requiring their explicit input.
    
    So, properly implement RFC4256 making instructions to be shown to users
    when they are requested from PAM.
    
    Closes: https://bugzilla.mindrot.org/show_bug.cgi?id=2876

commit a1158bba43e00240c00c530596de2d4e1d405b50
Author: Matthew Heller <hellermf@accre.vanderbilt.edu>
Date:   Mon Oct 14 09:25:41 2024 -0500

    fix duplicate PAM msgs, missing loginmsg reset
    
    without this change in mm_answer_pam_account all messages added in
    auth-pam.c sshpam_query(...) case PAM_SUCCESS end up sent here, then are
    still sitting in the loginmsg buffer and printed a second time in
    session.c do_login(...)

commit 7a59f55e621c841aab187c96e0f3271c5c799709
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 16 00:45:41 2026 +0000

    upstream: Reorder headers to match KNF and Portable.
    
    ID sync only.
    
    OpenBSD-Commit-ID: b7f9700d07b532eb3720f7bd722b952e31b1752f

commit c5cee49a0c5721532716365f32977fc02eeea1d5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Sun Feb 15 22:29:30 2026 +0000

    upstream: Add basic test for keyboard-interactive auth.
    
    Not enabled by default since it requires some setup on the host.
    
    OpenBSD-Regress-ID: aa8a9608a2ea2e5aaa094c5a5cc453e4797cd902

commit 07c6413e7bf08b7bfc6fd543eded9da68898e230
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Sat Feb 14 00:18:34 2026 +0000

    upstream: remove unneeded includes; ok dtucker@
    
    OpenBSD-Commit-ID: bba6e85492276c30c7a9d27dfd3c4c55fa033335

commit d8b806a2e6cd50c729e5d2bad569955a1df33f63
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Sun Feb 15 13:31:52 2026 -0500

    Remove obsolete comment referencing auth-chall.c.
    
    It was removed in commit 6cb6dcff along with the rest of the SSH1 server
    support.

commit 3e8a45e0eeb5c84f12ac04ea7cc2f831c91c263b
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Mon Oct 16 21:15:45 2023 +0200

    auth-pam: Add an enum to define the PAM done status
    
    Makes things more readable and easier to extend

commit 9b0e50b4132679f0c09c0f1272bf1c45959103ea
Author: Marco Trevisan (Treviño) <mail@3v1n0.net>
Date:   Tue Oct 17 04:35:17 2023 +0200

    auth-pam: Add debugging information when we receive PAM messages

commit c2447697aaecae11d164f1ba30e06d14b5cabcdd
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Fri Feb 13 15:34:44 2026 -0500

    Remove DragonFlyBSD workaround for sys/mount.h.
    
    ... since we're not including it at all any more.

commit 8b3a0552054106feb036c632fc844f878568799f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Fri Feb 13 19:06:18 2026 +0000

    upstream: Replace <sys/mount.h> with <limits.h>
    
    The former is a portability hassle, but it turns out the only thing we
    need from it is PATH_MAX which we can get directly from limits.h.
    
    OpenBSD-Commit-ID: ccfbbd678bef3a3930ae89da456645c3ee5f83c0

commit db475199639667197b12b3aa5205de71ef102e23
Author: jsg@openbsd.org <jsg@openbsd.org>
Date:   Fri Feb 13 01:04:47 2026 +0000

    upstream: remove unneeded forward struct declaration ok djm@
    
    OpenBSD-Commit-ID: a0c97e919667394bef8dbf31df72af3ba07542e9

commit ae51e05dbd840ad674fee754f33c0e2fd141074e
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Feb 11 22:58:23 2026 +0000

    upstream: very basic testing of multiple files in RevokedKeys and
    
    RevokedHostkeys
    
    OpenBSD-Regress-ID: 6cee76bcc4bd6840bc8d39dd0d32d724e1427aa7

commit 2f51e29b9a0ffd7acb9dc70d90defa466b5695d4
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Feb 11 22:57:55 2026 +0000

    upstream: support multiple files in a ssh_config RevokedHostKeys
    
    directive bz3918; ok dtucker
    
    OpenBSD-Commit-ID: 0ad2eacf836f912f347846ab84760799033dd348

commit 135a62238a479c7369f2b2d5dafb921ddc1c2b74
Author: djm@openbsd.org <djm@openbsd.org>
Date:   Wed Feb 11 22:57:16 2026 +0000

    upstream: support multiple files in a sshd_config RevokedKeys
    
    directive bz3918; ok dtucker
    
    OpenBSD-Commit-ID: 9fc58c4e676f8e9ed2e3a0da666242a17b8a55b2

commit 3160f2a97e875bfa9454f98899cbccad48c96ff4
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 11 17:05:32 2026 +0000

    upstream: Add includes used in Portable to reduce diffs.
    
    OpenBSD-Commit-ID: 186c60cf2da0ddb075d5bc4879e87bbd8779b7e4

commit 6a756f3f7b9f87f24e948ec1de0266f5c1587811
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 11 17:03:17 2026 +0000

    upstream: Remove unused sys/queue.h include.
    
    OpenBSD-Commit-ID: 564f75672e27f1006f280614934eb304abe69167

commit c169300df12b9aa7005ff6e61880a7e007e83bc5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 11 17:01:34 2026 +0000

    upstream: Reorder includes and defines to match both KNF and
    
    Portable.
    
    OpenBSD-Commit-ID: f3f179c095f8e4787ded5f450e2842881f6b8ab2

commit 1a4eb511abaf3522b84fa5697524b81b4865279b
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 11 17:36:42 2026 -0500

    Factor out RNG reseeding into a single function.
    
    sshd and sshd-session both reseed the RNG after a fork.  Move the
    existing reseed_prngs() function into entropy.c and use for both.
    Clean up entropy.h too.  ok djm@

commit 81746188e9333b166b4c31f9654d8eb249ddd897
Author: Darren Tucker <dtucker@dtucker.net>
Date:   Wed Feb 11 16:47:27 2026 -0500

    Remove do_pam_chauthtok since it's no longer used.

commit f1b9e0f7f1f1ed5be2bd1c39bda03fc99a1cf5d8
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Wed Feb 11 16:57:38 2026 +0000

    upstream: Pass actual size of the buffer to hostname() instead of a
    
    define that's probably the same.  ok millert@ djm@
    
    OpenBSD-Commit-ID: 7c97b22439100b4193404ccfa1e5f539c5a8d039

commit 4ef24496b7c4c918d4d3a049f83739fbe2e36e9f
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 9 22:15:45 2026 +0000

    upstream: De-underscore __inline__ to match -portable
    
    (and every other use of it in ssh).  ID sync only.
    
    OpenBSD-Commit-ID: 83c913d5e2345635bc5434167ed67cec5409d494

commit c8972792e5ce599e584bbe1aa084cc4056f1afe5
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 9 22:12:48 2026 +0000

    upstream: Remove references to skey auth which is long gone.
    
    ID sync only.
    
    OpenBSD-Commit-ID: 0c2340566c399f7f74fe4c5366394974cd6fd122

commit db779679839d2798de7cda196a3fe750a12845e8
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 9 22:11:39 2026 +0000

    upstream: Remove unused OpenSSL includes,
    
    that are no longer used, even when building with OPENSSL=yes.
    
    OpenBSD-Commit-ID: e97e3e551ade9aee994b80a1d5851be6f32288e3

commit 8ec21f6274108e93601173ec4e6f7528b90b0003
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 9 22:09:48 2026 +0000

    upstream: Use https for URLs.
    
    ID sync only.
    
    OpenBSD-Commit-ID: 85b2919e95e6d2bfdeddf5e3b0709fb5b6b4c438

commit c3eaa953ae78e581d7ba2327beea35206a14bc1e
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 9 21:38:14 2026 +0000

    upstream: Remove unused OpenSSL includes,
    
    which are no longer used even when building with OPENSSL=yes.
    
    OpenBSD-Commit-ID: 31adb21bf3f8f5c13cde59229f1b85c20f19a858

commit 280cf58afe71bf34141e732d30676367f0150bbe
Author: dtucker@openbsd.org <dtucker@openbsd.org>
Date:   Mon Feb 9 21:23:35 2026 +0000
